FW/IPSec VPN Buyer’s Guide

Quick Checklist

This section builds upon the framework for evaluating firewall and VPN products that was described in the previous section, providing a quick checklist of some of the top questions to pose in each criteria category. For more in-depth questions that enable a side-by-side comparison of different solutions, go to the Detailed Buyer’s Checklist that follows this section.

1. Provide Strong Security

• Does the solution integrate best-of-breed technologies?

  o How long have the technologies been in the market?

  o Are there any third party verifications of viability available?

  o Are the technologies based on open source solutions?

• Does the solution provide strong access control – stateful inspection?

• What kind of user authentication does the solution support?

• What network-level attacks does the solution protect against?

  o DoS attacks

  o DDoS attacks

• Does it have the ability to make determinations on whether to allow or deny traffic based on application-layer information?

  o What kind of application-level attacks can it detect?

  o What kind of application-level attacks can it prevent?

• What kind of encryption does the VPN support?

• Can the solution apply policies to internal traffic to establish additional layers of trust and contain attacks?

• What type of security certifications does the product have?

• What kind of platform is the solution built on?

  o Is it a general-purpose platform that could introduce security risks?

• Can the solution scale to meet the different security needs of small to large sites?

2. Offer Predictable Performance

• What are the performance (large and small packet size) capabilities of the solution to ensure that performance remains predictable?

• What has the solution done to optimize its traffic processing?

• How does the solution minimize latency to ensure real-time applications are not degraded (e.g. VoIP)?

• How does the solution handle very fast session ramp rates to protect against DoS attacks?

• How does the architecture of the solution enable performance under load?

• How does the solution handle multiple concurrent sessions to ensure user connectivity is not lost or slowed?

• How does the solution accommodate additional functionality, without degrading performance?

• How does the solution accelerate the VPN negotiation to set up the VPN tunnels to make the time imperceptible to the user?

• How can the solution quickly create and then maintain VPN tunnels to ensure they are always available for the user?

Copyright © 2004, Juniper Networks, Inc.

Juniper Networks 710008-001 manual Quick Checklist